Abstract
In modern factories, “controlled” manufacturing systems, such as industrial robots, CNC machines, or 3D printers, are often connected in a control network, together with a plethora of heterogeneous control devices. Despite the obvious advantages in terms of production and ease of maintenance, this trend raises non-trivial cybersecurity concerns. Often, the devices employed are not designed for an interconnected world, but cannot be promptly replaced: In fact, they have essentially become legacy systems, embodying design patterns where components and networks are accounted as trusted elements. In this paper, we take a holistic view of the security issues (and challenges) that arise in designing and securely deploying controlled manufacturing systems, using industrial robots as a case study—indeed, robots are the most representative instance of a complex automatically controlled industrial device. Following up to our previous experimental analysis, we take a broad look at the deployment of industrial robots in a typical factory network and at the security challenges that arise from the interaction between operators and machines; then, we propose actionable points to secure industrial cyber-physical systems, and we discuss the limitations of the current standards in industrial robotics to account for active attackers.
Highlights
The manufacturing industry is nowadays heavily automated and integrated with business processes: The pervasive interconnection of IT systems is paving its way toward the factory, where once-isolated operational technology (OT) systems are tightly integrated among themselves and with IT systems [5]
In the fields of industrial control systems and critical infrastructure, the most famous and studied targeted attack against a industrial control system (ICS) was Stuxnet [8], followed by other high-profile incidents: To name a few, in 2014, an attack to a German steel mill caused the inability to shut down a blast furnace; in December 2015, a cyberattack was allegedly responsible for power outages in Ukraine; more recently, between August and December 2017, researchers found in the wild instances of TRITON/TRISIS, an advanced malware with an OT payload targeted against a safety instrumented system deployed in a Middle Eastern critical infrastructure [25]
We analyzed the attack surface of modern controlled industrial manufacturing systems, and the security risks that arise from their interconnection, operation, and expansion with accompanied industrial internet of things (IIoT) devices
Summary
The manufacturing industry is nowadays heavily automated and integrated with business processes: The pervasive interconnection of IT systems is paving its way toward the factory, where once-isolated operational technology (OT) systems are tightly integrated among themselves and with IT systems [5]. Industrial robots are complex controlled devices, programmable in a flexible way, and are evolving fast They are interconnected (e.g., for monitoring and programming purposes), and the innovation trend is moving them “closer” to humans. Co-bots are designed to operate close to human workers, without any physical separation of their respective working spaces This evolution is, on the one hand, increasing the robot’s cyber-attack surface, and on the other hand, worsening the consequences of an attack. We summarize and extend the results by focusing on the broader attack surface not considered in our previous work, which includes (a) the physical attack surface exploitable by digital means through the user interaction; (b) security implications of the robot’s programming languages; and (c) a generalization of our results with a second case study on a controller by Universal Robots
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
